Cisco Cisco Prime IP Express 8.3 テクニカルリファレンス
The maximum number of times that a TKEY RRs will be exchanged between
a client and the server during a particular key negotiation to prevent
endless looping as per RFC 2930. Default value is 5.
a client and the server during a particular key negotiation to prevent
endless looping as per RFC 2930. Default value is 5.
tkey-session-time
(0-1y) default = 5m
Specifies the user configurable maximum lifetime of a negotiated TKEY.
Lifetime of a negotiated TKEY can be controlled by two factors.
The first being by the TKEY expiry time given by the Kerberos server
which is obtained during the initial TKEY negotiation.
The second being through this attribute.
If set to 0, this attribute is disabled and the TKEY lifetime is
controlled only by the Kerberos TKEY expiry time obtained during
the TKEY negotiation.
When this attribute is configured with a value > 0, the minimum
of Kerberos TKEY expiry time and this value is taken as the maximum
lifetime of the TKEY.
Default value is 300 seconds.
Lifetime of a negotiated TKEY can be controlled by two factors.
The first being by the TKEY expiry time given by the Kerberos server
which is obtained during the initial TKEY negotiation.
The second being through this attribute.
If set to 0, this attribute is disabled and the TKEY lifetime is
controlled only by the Kerberos TKEY expiry time obtained during
the TKEY negotiation.
When this attribute is configured with a value > 0, the minimum
of Kerberos TKEY expiry time and this value is taken as the maximum
lifetime of the TKEY.
Default value is 300 seconds.
(10-65535) default = 32767
The server and client will maintain some required data in TKEY table
when performing TKEY negotiation. This attribute bounds the TKEY table
by defining the maximum number of key records. The new TKEY query
negotiation will fail when TKEY table hit this maximum size.
Default size is 32767.
when performing TKEY negotiation. This attribute bounds the TKEY table
by defining the maximum number of key records. The new TKEY query
negotiation will fail when TKEY table hit this maximum size.
Default size is 32767.
(10s-10m) default = 60s
This attribute will define the interval to purge expired key records
in TKEY table. Default value is 60 sec.
in TKEY table. Default value is 60 sec.
ha-dns-pair
ha-dns-pair - configure a High Availability DNS relationship
Synopsis
ha-dns-pair <name> create <main-cluster/address>
<backup-cluster/address>
[<attribute>=<value> ...]
<backup-cluster/address>
[<attribute>=<value> ...]
ha-dns-pair <name> delete
ha-dns-pair list
ha-dns-pair listnames
ha-dns-pair listbrief
ha-dns-pair <name> show
ha-dns-pair list
ha-dns-pair listnames
ha-dns-pair listbrief
ha-dns-pair <name> show
ha-dns-pair <name> get <attribute>
ha-dns-pair <name> set <attribute>=<value> [<attribute>=<value> ...]
ha-dns-pair <name> unset <attribute>
ha-dns-pair <name> set <attribute>=<value> [<attribute>=<value> ...]
ha-dns-pair <name> unset <attribute>
ha-dns-pair <name> sync < update | complete | exact >
< main-to-backup | backup-to-main > [from-regional]
< main-to-backup | backup-to-main > [from-regional]
ha-dns-pair <name> getstatus [full]
Description
The ha-dns-pair command lets you define and manage the
High Availability relationship between a main and backup DNS server.
Either the main and backup clusters or the main and backup server
IP addresses can be specified with the create command. If the
ha-dns-main-server and ha-dns-backup-server addresses are set,
the cluster addresses will only be used for synchronization of the
server configuration. The referenced clusters must be configured
with appropriate connection credentials for the sync command to be
successful.
Note: When running in local mode, the 'from-regional' sync
option does not apply. Regardless of the synchronization option
(from-regional, main-to-backup, backup-to-main), properties
set on the ha-dns-pair will always replace values present on
the DNS server object.
High Availability relationship between a main and backup DNS server.
Either the main and backup clusters or the main and backup server
IP addresses can be specified with the create command. If the
ha-dns-main-server and ha-dns-backup-server addresses are set,
the cluster addresses will only be used for synchronization of the
server configuration. The referenced clusters must be configured
with appropriate connection credentials for the sync command to be
successful.
Note: When running in local mode, the 'from-regional' sync
option does not apply. Regardless of the synchronization option
(from-regional, main-to-backup, backup-to-main), properties
set on the ha-dns-pair will always replace values present on
the DNS server object.